Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Advisory Watch: March 27th, 2015
Linux Security Week: March 23rd, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Linux Security Week: August 1st 2005 Print E-mail
User Rating:      How can I rate this item?
Source: Contributors - Posted by Benjamin D. Thomas   
Linux Security Week This week, perhaps the most interesting articles include "CSOs Worry About Digital Pearl Harbor," "A security qualification is a must but make sure it fits your field," and "Paying for Flaws: Undermining Security or Rewarding Good Deeds?"

Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design.

LINUX ADVISORY WATCH - This week, perhaps the most interesting articles include cacti, heimdal, webcalendar, ekg, phpbb2, setarch, openoffice, pvm, fetchmail, mozilla,devhelp, yelp, subversion, zlib, kdenetwork, perl, module-init-tools, mgetty, system-config-netboot, libsepol, gnbc-kernel, dlm-kernel, cman-kernel, util-linux, tar, gcc, libtool, audit, zlib, apr, pam_ldap, fetchmail, sandbox, Koptete, Clam, Ethereal, cpio, kdenetwork, httpd, and dhcpd. The distributors include Debian, Fedora, Gentoo, and Red Hat. Feature Extras:

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple.

Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to with "subscribe" as the subject.

Thank you for reading the weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.

  Single photons distributed for quantum cryptography
  26th, July, 2005

Japanese Nippon Telegraph and Telephone Corp. (NTT) has successfully demonstrated the quantum cryptography with a single photon can be realised in the photonic network of optical fibres. The quantum cryptography is expected to be the last resort of the cryptography protocol, and to enhance enormously the safety of transmitting information.

  CSOs Worry About Digital Pearl Harbor
  25th, July, 2005

Forty-five percent of corporate chief security officers believe a "digital Pearl Harbor" will take place eventually, with 13 percent anticipating such an attack within a year, according to a survey by CSO Magazine.

  'Critical' Kerberos Flaws Could Open Networks to Attack
  28th, July, 2005

Kerberos, the popular authentication protocol developed by the Massachusetts Institute of Technology, is vulnerable to three serious flaws that could allow an attacker to gain access to protected corporate networks, MIT researchers disclosed late on Tuesday.

  Linux Network Security Higher than Other Platforms
  29th, July, 2005

"There are many research reports that try to compare the number of vulnerabilities between Linux and other operating systems but none take into account the severity of the issues." said Mark Cox head of the Red Hat security response team, "This report shows there are relatively few critical issues affecting users of Linux based operating systems. However, we believe even one is unsatisfactory, and our strategy is to rapidly respond to fix these issues whilst innovating new technology to reduce the risk of future issues."

  Should Michael Lynn have kept his mouth shut?
  29th, July, 2005

One can only imagine what raced through Michael Lynn's mind the penultimate moment before he saved or sacrificed our nation's critical infrastructure, depending on your take of the researcher's Black Hat Briefings presentation this week.

  Cisco Comes Clean on Extent of IOS Flaw
  29th, July, 2005

Cisco Systems Inc. on Friday confirmed that a security hole in its Internetwork Operating System could be exploited by remote attackers to execute arbitrary code.

  Black Hat Confab to Spotlight Database Security
  27th, July, 2005

Rootkits. Zero-day exploits. Social engineering. Encryption cracking. Cryptography. File format fuzzing. Kernel exploitation. These are just some of the buzzwords making the rounds at the Black Hat USA 2005 security conference here, where some of the sharpest minds in the research community will congregate to share information on computer and Internet security threats.

  Secure servers standards launched
  27th, July, 2005

The Trusted Computing Group has announced an open specification for trusted servers to allow manufacturers to offer better data and transaction security. The specification launched by the industry standards body defines the architecture of a trusted server including its management, maintenance and communication between servers and clients.

  3Com to pay for threat tips
  27th, July, 2005

3Com this week is expected to launch a program that offers cash to members of the security community in return for information on potentially damaging Internet-based security threats. Its Zero Day Initiative is an attempt to prompt the disclosure of security vulnerabilities quicker by giving independent security researchers incentive for pointing out holes in software and hardware products that could lead to network attacks. Some observers call the program a positive step toward making networks safer, while others question how such a payoff system would work, or whether third-party vendors -- including 3Com competitors -- would react negatively to a system under which 3Com gives money to individuals for information about product vulnerability before the affected vendors know about them.

  Cisco Security Hole a Whopper
  28th, July, 2005

A bug discovered in an operating system that runs the majority of the world's computer networks would, if exploited, allow an attacker to bring down the nation's critical infrastructure, a computer security researcher said Wednesday against threat of a lawsuit.

Michael Lynn, a former research analyst with Internet Security Solutions, quit his job at ISS Tuesday morning before disclosing the flaw at Black Hat Briefings, a conference for computer security professionals held annually here.

  A security qualification is a must but make sure it fits your field
  25th, July, 2005

Europe will need another 680,000 information security professionals by 2008, according to a survey by IDC on behalf of the International Information Systems Security Certification. The survey found that most hiring managers (93%) preferred candidates with security qualifications. ISC2 offers certificates for systems security practitioners (SSCP) and professionals (CISSP), and is one of several bodies to provide such qualifications. The survey found that security specialists are also expected to understand business processes, to help minimise risks as new systems are developed.

  Offering a bounty for security bugs
  25th, July, 2005

TippingPoint--part of 3Com--is soliciting hackers to report vulnerabilities in exchange for money. If a valid bug is found, TippingPoint will notify the maker of the flawed product and update its security products to protect users against exploitation of the flaw until an official patch is released.

  Critical MySQL Flaw Found
  25th, July, 2005

A "highly critical" flaw has been reported in MySQL that can be exploited to cause a DoS (Denial of Service) or to execute arbitrary code on the open-source database, according to security alerts aggregator Secunia Inc.

  Trike - A Conceptual Framework for Threat Modeling
  26th, July, 2005

Trike is a unified conceptual framework for security auditing from a risk management perspective through the generation of threat models in a reliable, repeatable manner. A security auditing team can use it to completely and accurately describe the security characteristics of a system from its highlevel architecture to its low-level implementation details.

  Paying for Flaws: Undermining Security or Rewarding Good Deeds?
  26th, July, 2005

3Com Corp.'s announcement that its Tipping Point division would start paying for the rights to security flaw information found by private researchers has reignited an old debate: Should underground hackers benefit from breaking into software systems?

  Virus Writers Adopting Stealth Strategy
  26th, July, 2005

Virus writers who once favored releasing malware that would clog corporate networks by the thousands have shifted to a strategy of secrecy in which they commandeer PCs on the Internet in the pursuit of dollars instead of notoriety, a security expert said Friday.

  Privacy Guru Locks Down VOIP
  26th, July, 2005

First there was PGP e-mail. Then there was PGPfone for modems. Now Phil Zimmermann, creator of the wildly popular Pretty Good Privacy e-mail encryption program, is debuting his new project, which he hopes will do for internet phone calls what PGP did for e-mail.

Zimmermann has developed a prototype program for encrypting voice-over IP which he will announce tomorrow during a presentation at the BlackHat security conference in Las Vegas.

  iDefense ups the bidding for bugs
  27th, July, 2005

Security intelligence company iDefense has sweetened its offer to hackers who sell it details on new software vulnerabilities. The change comes one day after rival TippingPoint started to offer rewards for pinpointing bugs.

  VoIP Security: Uncovered
  27th, July, 2005

There seems little doubt amongst industry experts, that VoIP usage will only grow over the next five to ten years. All public estimates put the growth of the VoIP market in the billions over the coming decade.

  Personal storage sites are a 'safe haven for hackers'
  28th, July, 2005

Websense, the employee management software outfit that's become best known for heaping FUD on emergent net technolgies, has found a new target. Hot on the heels of charecterising online storage sites as a conduit for industrial espionage and blogs as a host of malware it's decided to chastise personal web hosting sites as a "Safe Haven for Hackers".

  SFTPPlus to meet regulatory & corporate needs
  28th, July, 2005

SFTPPlus is immediately available as a method of secure file transfer to meet corporate and regulatory requirements - offering additional functionality to SFTP. It is expected to have widespread usage in all sectors including government, local authority, retail, financial etc.

The current choice of tools for SFTP transfers is very large, but generally these are designed for interactive use, and provide little in the way of automated operations or audit trail for the client.

  The hunt is on for file format bugs
  28th, July, 2005

New tools could help bug hunters find vulnerabilities in popular file formats, such as the JPEG and GIF image formats. Flaws in how applications handle those file formats are drawing interest among security researchers, according to speakers at the Black Hat security conference here.


Only registered users can write comments.
Please login or register.

Powered by AkoComment!

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
FBI Quietly Removes Recommendation To Encrypt Your Phone
And the prize for LEAST SECURE BROWSER goes to ... Chrome!
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.